Over the past few days, some scary stories have been circulating the internet regarding a privilege escalation vulnerability in Intel's Active Management Technology suite, which provides out-of-band management capabilities—or hardware-based remote control of certain PC features—over a network, even when a PC is turned off. According to Google security developer Matthew Garrett, vulnerable systems that are set up to use AMT and have the feature provisioned by an organization could give an attacker serial console access, allow for arbitrary code execution in the operating system's kernel, or provide a way to boot a hostile operating system over a network.
One of the headaches with this vulnerability is figuring out which systems are actually affected. According to Intel, only systems with support for its Active Management Technology, Intel Standard Manageability, and the now-defunct Intel Small Business Technology features have the prerequisites to get owned by the bug. Those technologies are a part of the vPro technology suite for businesses.
"Intel AMT bug is bad, but your consumer PC probably doesn't even have this option in the firmware, much less the necessary AMT provisioning pic.twitter.com/MTh4MEjQUN" - Jeff Kampman (@jkampman_tr), May 5, 2017
Furthermore, those systems would have to be provisioned (i.e. set up) by a system administrator to use AMT, ISM, or SBT for the vulnerability to be exploited remotely. A separate but related vulnerability would allow an attacker to provision an affected system locally and gain privileges on that system, but as a rule of thumb, once an attacker has local access to your PC, all bets are off anyway.
If you're a regular Joe or Jane, there's probably little reason to worry about this exploit on your home PC. Intel's P-series, B-series, H-series, and Z-series consumer chipsets aren't compatible with these remote management features, so they could never be provisioned for remote management in the first place. As far as we're aware, one would need a motherboard with a Q-series chipset (or another business-friendly chipset) to be vulnerable to the local provisioning exploit to begin with, and only business PCs that are already provisioned for Intel AMT can be exploited over the network. If you're in a large corporation's IT department, however, we feel for you.
With that baseline established, we can look at what is vulnerable. Intel says versions of its manageability firmware ranging back to version 6.0.x are affected. That firmware is associated with AMT-ready versions of Intel's 5-series motherboards, which hosted Lynnfield and Clarkdale Core CPUs back in 2009. The vulnerability is present in all management firmware ranging up to that of the Q270 chipset that can underpin Skylake and Kaby Lake chips. Here's a listing of the vulnerable firmware versions and the updated version that removes the vulnerability for each chipset:
PC and component manufacturers are responsible for making these firmware updates available, however, so if a particular OEM is slow to act (or never acts, as the case may be for some older systems), Intel has released a guide users can follow to mitigate the vulnerability on their own. Intel has also released a detection guide and software tool to help IT pros determine whether their systems are vulnerable.
The vulnerability was discovered by embedded device security company Embedi. The researchers there have published a whitepaper detailing the exact cause of the bug for those who want the nitty-gritty. If you're a system administrator who uses Intel's AMT or similar technologies with your PCs, we'd be auditing those systems ASAP.